Debian Security Advisory DSA 1910-1 (mysql-ocaml)

Published: 2009-10-19 19:50:22
CVE Author: NIST National Vulnerability Database (NVD)

CVSS Base Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Recommendations:
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201910-1

Technical Details:
It was discovered that mysql-ocaml, OCaml bindings for MySql, was missing a function to call mysql_real_escape_string(). This is needed, because mysql_real_escape_string() honours the charset of the connection and prevents insufficient escaping, when certain multibyte character encodings are used. The added function is called real_escape() and takes the established database connection as a first argument. The old escape_string() was kept for backwards compatibility. Developers using these bindings are encouraged to adjust their code to use the new function. For the stable distribution (lenny), this problem has been fixed in version 1.0.4-4+lenny1. For the oldstable distribution (etch), this problem has been fixed in version 1.0.4-2+etch1. For the testing distribution (squeeze) and the unstable distribution (sid), this problem will be fixed soon. We recommend that you upgrade your mysql-ocaml Linux Distribution Packages.

Summary:
The remote host is missing an update to mysql-ocaml announced via advisory DSA 1910-1.

Detection Type:
Linux Distribution Package

Solution Type:
Vendor Patch

NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)

https://nvd.nist.gov/vuln/detail/CVE-2009-2942

Search
Severity
High
CVSS Score
7.5

You never have to pay for a vulnerability scanning and management software again.

Tired of paying a subscription 'per asset' or 'per IP'? Well you can officially cancel your current subscription. Mageni provides a free, open source and enterprise-ready vulnerability scanning and management platform which helps you to find, prioritize, remediate and manage your vulnerabilities. It is free and always will be.